Skip to Content
Меню
Вам необхідно зареєструватися, щоб взаємодіяти зі спільнотою.
Це запитання позначене
6313 Переглядів

In our Odoo 9 installation (hosted on a Debian 8 server), we have a use-case where we need to access the Messages stored by the system (Settings->Technical->Email->Messages if in debug mode). This has been made available to our normal users through use of a window action. I have one user who has very high permissions in the system, yet every time this user visits the Messages page, they get the following error.

The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: calendar.event, Operation: read)

The web console logs a trackback as well:

Server application error {"message":"Odoo Server Error","code":200,"data":{"debug":"Traceback (most recent call last):\n File \"/usr/lib/python2.7/dist-packages/openerp/http.py\", line 605, in _handle_exception\n return super(JsonRequest, self)._handle_exception(exception)\n File \"/usr/lib/python2.7/dist-packages/openerp/http.py\", line 642, in dispatch\n result = self._call_function(**self.params)\n File \"/usr/lib/python2.7/dist-packages/openerp/http.py\", line 316, in _call_function\n return checked_call(self.db, *args, **kwargs)\n File \"/usr/lib/python2.7/dist-packages/openerp/service/model.py\", line 118, in wrapper\n return f(dbname, *args, **kwargs)\n File \"/usr/lib/python2.7/dist-packages/openerp/http.py\", line 309, in checked_call\n result = self.endpoint(*a, **kw)\n File \"/usr/lib/python2.7/dist-packages/openerp/http.py\", line 893, in __call__\n return self.method(*args, **kw)\n File \"/usr/lib/python2.7/dist-packages/openerp/http.py\", line 471, in response_wrap\n response = f(*args, **kw)\n File \"/usr/lib/python2.7/dist-packages/openerp/addons/web/controllers/main.py\", line 832, in search_read\n return self.do_search_read(model, fields, offset, limit, domain, sort)\n File \"/usr/lib/python2.7/dist-packages/openerp/addons/web/controllers/main.py\", line 860, in do_search_read\n length = Model.search_count(domain, request.context)\n File \"/usr/lib/python2.7/dist-packages/openerp/http.py\", line 998, in proxy\n result = meth(cr, request.uid, *args, **kw)\n File \"/usr/lib/python2.7/dist-packages/openerp/api.py\", line 238, in wrapper\n return old_api(self, *args, **kwargs)\n File \"/usr/lib/python2.7/dist-packages/openerp/models.py\", line 1634, in search_count\n res = self.search(cr, user, args, context=context, count=True)\n File \"/usr/lib/python2.7/dist-packages/openerp/api.py\", line 238, in wrapper\n return old_api(self, *args, **kwargs)\n File \"/usr/lib/python2.7/dist-packages/openerp/addons/calendar/calendar.py\", line 1746, in search\n return super(mail_message, self).search(cr, uid, args, offset=offset, limit=limit, order=order, context=context, count=count)\n File \"/usr/lib/python2.7/dist-packages/openerp/api.py\", line 238, in wrapper\n return old_api(self, *args, **kwargs)\n File \"/usr/lib/python2.7/dist-packages/openerp/models.py\", line 1658, in search\n return self._search(cr, user, args, offset=offset, limit=limit, order=order, context=context, count=count)\n File \"/usr/lib/python2.7/dist-packages/openerp/api.py\", line 238, in wrapper\n return old_api(self, *args, **kwargs)\n File \"/usr/lib/python2.7/dist-packages/openerp/api.py\", line 342, in old_api\n result = method(recs, *args, **kwargs)\n File \"/usr/lib/python2.7/dist-packages/openerp/addons/mail/models/mail_message.py\", line 661, in _search\n allowed_ids = self._find_allowed_doc_ids(model_ids)\n File \"/usr/lib/python2.7/dist-packages/openerp/api.py\", line 236, in wrapper\n return new_api(self, *args, **kwargs)\n File \"/usr/lib/python2.7/dist-packages/openerp/addons/mail/models/mail_message.py\", line 597, in _find_allowed_doc_ids\n allowed_ids |= self._find_allowed_model_wise(doc_model, doc_dict)\n File \"/usr/lib/python2.7/dist-packages/openerp/api.py\", line 236, in wrapper\n return new_api(self, *args, **kwargs)\n File \"/usr/lib/python2.7/dist-packages/openerp/api.py\", line 478, in new_api\n result = method(self._model, cr, uid, *args, **old_kwargs)\n File \"/usr/lib/python2.7/dist-packages/openerp/addons/calendar/calendar.py\", line 1753, in _find_allowed_model_wise\n for virtual_id in self.pool[doc_model].get_recurrent_ids(cr, uid, doc_dict.keys(), [], order=order, context=context):\n File \"/usr/lib/python2.7/dist-packages/openerp/api.py\", line 238, in wrapper\n return old_api(self, *args, **kwargs)\n File \"/usr/lib/python2.7/dist-packages/openerp/addons/calendar/calendar.py\", line 1153, in get_recurrent_ids\n if not ev.recurrency or not ev.rrule:\n File \"/usr/lib/python2.7/dist-packages/openerp/fields.py\", line 800, in __get__\n return record._cache[self]\n File \"/usr/lib/python2.7/dist-packages/openerp/models.py\", line 6089, in __getitem__\n return value.get() if isinstance(value, SpecialValue) else value\n File \"/usr/lib/python2.7/dist-packages/openerp/fields.py\", line 38, in get\n raise self.exception\nAccessError: (u'The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\\n\\n(Document type: calendar.event, Operation: read)', None)\n","exception_type":"access_error","message":"The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: calendar.event, Operation: read)\nNone","name":"openerp.exceptions.AccessError","arguments":["The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: calendar.event, Operation: read)",null]}}

Looking at the trackback (This event doesn't get logged, even when the server is running with a debug log level), it appears to be checking which message IDs the user is allowed to access. As this is an administrative user, they should always have access to all messages as I do. The user account is exactly the same as mine, yet only that account experiences these problems.

What I've done so far:

  • Changed the permissions of the user

  • Removed the user all together and recreated it

  • Created access rules to specifically allow groups the user is in full access to calendar.event

  • Disabled all record rules relating to calendar.event and mail.message

  • Enabled Portal group on the user - This only allowed viewing of a couple messages, but not the ones we're interested in

  • Granting user to every option available on user page while in technical mode

All of these have resulted in no success. Would anyone have some ideas to point me in the right direction to get this working? This user MUST have an account in the software that works

Аватар
Відмінити
Автор

I should also say that I don't want to go into these modules and remove the check. This isn't beneficial as it would remove a lot of the changes we've made through the interface (we're working on moving to a custom module for those changes, but that's a ways off)

Автор

Apparently I can't update this post... UPDATE: I found what appears to be the cause of the issue, though I'm still quite confused. This error occurs if the user is set as a manager in Project and I'm apparently the exception because my account is set as a Project Manager, and I created an account with that as its only permission (that bore my name + test) and it worked. Creating the other user doesn't work however.

Related Posts Відповіді Переглядів Дія
1
лют. 24
7174
2
бер. 25
6408
0
трав. 24
2085
4
січ. 24
14172
0
вер. 23
2520